Forum Discussion
AltocumulusASM DoS Profile blacklist duration
MVPHi Evergrim,
looks like you are talking about the AWAF feature Application Layer or L7 DDoS protection, even though the article you reference is for AFM.
My recommendation is to use Behavioral DoS, don't mix with TPS or stress-based. For BaDOS this config is my gold standard.
This will generate dynamic signatures to mitigate L7 DDoS attacks. Dynamic signatures remain in the list until the maximum number is detected (for ASM HTTP, 1024; for AFM, 32 per device or protected object).
KR
Daniel
Hi Daniel_Wolf ,
He has both AWAF and AFM licenses provisioned , so he don't see the legacy view of AWAF DoS , but he see the Dos Protection as a multiple vectors distributed between ( Network , SIP , DNS and HTTP ).
So If he need to configure the Behavioral Dos For HTTP , He can select the Behavioral Vector for HTTP and he can proceed.
The Snap shot you have shared here is identical to the Behavioral HTTP , Just F5 merged AFM DoS with AWAF DoS shown as a number of Vectors if you have both license provisioned.
So in the recent versions or releases he will not able to switch to legacy view and obtain like your snapshot.
Correct me If I am wrong
- Daniel_Wolf
the screenshot is from my AWAF with v16.1. Today I was looking at a customer environment with AWAF+AFM (v17.1) provisioned and there I had the possibility to switch between AFM view and legacy view. If legacy view is in 17.1, I'm pretty sure it's also in 16.1.
KR
DanielHi Daniel_Wolf ,
Great !
Maybe this not supported in VEs because I treid to switch multiple times but without luck.
But any way , I think he can't set a duration in AWAF Behavioral Bad actor.
EvergrimHey you two,
Thank you very much for your answers. They've already helped me to skim through. I'll have a closer look later today.
Yes, I should have started with that. We have both AWAF and AFM provisioned. And of course I was talking about AWAF. I didn't realize that the article was talking about AFM, of course. Sorry for the confusion.
